
Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 23:29

General

  • Target

    434c77ad1a0913c1c7d1af31a2fc0761.exe

  • Size

    123KB

  • MD5

    434c77ad1a0913c1c7d1af31a2fc0761

  • SHA1

    ba829c3e7ef2a615e6a268579d9d3709b7f1e5cd

  • SHA256

    45da96badafdc961c24dd4033bb2d0bc1f22c281471efc73abf39d9856e13e16

  • SHA512

    b30e8610868d14d979838ba3e8ea89158d821b94370bd096de3c1e4bce4eda87075423b8a4b28bd80175b2f3facb9ee17afc3d7d235d03644b7df813aa690c65

  • SSDEEP

    3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLyF:OVYrJrOSsRwcpG

Score
7/10

Tags
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs regedit.exe 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\434c77ad1a0913c1c7d1af31a2fc0761.exe
    "C:\Users\Admin\AppData\Local\Temp\434c77ad1a0913c1c7d1af31a2fc0761.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\iaccess32.exe
      C:\Windows\iaccess32.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:3600
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
    PID:3664
  • C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s "C:\Windows\system32\egaccess4_1071.dll"
    1⤵
    PID:1000
  • C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s C:\Windows\tmlpcert2007
    1⤵
    • Runs regedit.exe
    PID:1876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Instant Access\DesktopIcons\NOCREDITCARD.lnk
    Filesize: 2KB
    MD5: 711e9c083cc63645864adcc9a970192d
    SHA1: 6060d3a470fafdc0b817db30c8fbc476af529962
    SHA256: 8cccc04c41c1e481c35564275ff8bb56a2bd5478d3ad9df5ffc614f3585c236a
    SHA512: 65f4b6c4d31708d6d756e2c84f9146362a29a7bf37df19714ce5af828b2899d026cd112014770eddef98d473b38cf085b4148614edd703833d7f303170d46b32

  • C:\Program Files (x86)\Instant Access\Multi\20100713160704\instant access.exe
    Filesize: 98KB
    MD5: 415812ab41e42f055b7722a255b91270
    SHA1: 1367bc6749dd30b8240fb5d780b16e3007fec096
    SHA256: 49ea7b9c4f2ef87a8badf99e35094b4662684fab6deb470ce381150836cbcd91
    SHA512: 67db95c8cb9aa6ec9d8f7304ac18d7a2aac1a7cc8144255ba2db7d225136ebd10c1492e4a1964245335eb119679cab9dabfcf0c67e067e4c0fac3a27d2cc4257

  • C:\Windows\SysWOW64\egaccess4_1071.dll
    Filesize: 76KB
    MD5: b83f652ffa76451ae438954f89c02f62
    SHA1: b3ba0014dd16cee5f6d4cfe7e28b2d5de79dc6dd
    SHA256: f601991aa00cbe7001197affc0e3854ab76c51c05b9a6ca3e3f708fed876c32f
    SHA512: 965172a5ecd070ea6707ec9985ee3c135c06534561b90ae233e8049b247d87d529b8280f0faf2b0ed933f59c68844414726fa80c4d3119cffa4fdd1cb60eab83

  • C:\Windows\dialerexe.ini
    Filesize: 587B
    MD5: 94db44582dd96943809961b06bf1f387
    SHA1: 47a52cd9e2e29489fbb4dd1af4fd6e3aa829e286
    SHA256: 9a84d1eb127923738dad2391c2e2c8ddef2b7c0976483f74c875c939fe4fd25f
    SHA512: cffcdc2f362d370b0efeb5a2f57a09f699bb3da5932eee70898127a78ac984da7a2073a156bd2d3851f8dcf2ee80944825bea607b6da74c54cdb60f2280649b0

  • C:\Windows\iaccess32.exe
    Filesize: 123KB
    MD5: 953832243f69ae5eb6981bcc003c3a26
    SHA1: bebb59dbe1424de41a9fedba46e7d387630e2e74
    SHA256: ed082954dee391611eb5aa08a8ac14ba130a00a887211c7114be25657f61edee
    SHA512: a22b919745ed535f0d0b947b75c98dc865bfd89a138f400178b75884a647a15d77d0b0d90fd6ac11426dc023a08b21c53cf6ac5d2d1c48ba3c35c5f182276cbf

  • C:\Windows\tmlpcert2007
    Filesize: 6KB
    MD5: b103757bc3c714123b5efa26ff96a915
    SHA1: 991d6694c71736b59b9486339be44ae5e2b66fef
    SHA256: eef8937445f24c2bcbe101419be42694e0e38628653a755ab29ecba357d81d48
    SHA512: d04f2ab14ad4d3e06ea357b4c810515d73b32f2650533a5895ebf5d14b4b697752f25c0c371372e00faab661c0b051c33b8c25bf1226f30be5d6b8727dea81e1

  • memory/2332-0-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2332-5-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/3600-6-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/3600-57-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB